Computer networks and systems have become indispensable tools for modern business. Modern enterprises use such networks for communications and for storage. The information and data stored on the network of a business enterprise is often a highly valuable asset. Modern enterprises use numerous tools to keep outsiders, intruders, and unauthorized personnel from accessing valuable information stored on the network. These tools include firewalls, intrusion detection systems, and packet sniffer devices.
FIG. 1 illustrates a simple prior art configuration of a local area network (LAN) 100 connected to the Internet 102. Connected to the LAN 100 are various components, such as servers 104, clients 106, and switch 108. Numerous other networking components and computing devices are connectable to the LAN 100. The LAN 100 may be implemented using various wireline or wireless technologies, such as Ethernet and the 802.11 the IEEE family of wireless communication standards. LAN 100 could be connected to other LANs.
In this prior configuration, the LAN 100 is connected to the Internet 102 via a router 110. This router 110 may be used to implement a firewall. Firewalls are widely used to try to provide users of the LAN 100 with secure access to the Internet 102 as well as to provide separation of a public Web server (for example, one of the servers 104) from an internal network (for example, LAN 100). Data leaving the LAN 100 to the Internet 102 passes through the router 110. The router 110 simply forwards packets as is from the LAN 100 to the Internet 102.
However, once an intruder has gained access to sensitive content inside a LAN such as LAN 100, there presently is no network device that can prevent the electronic transmission of the content from the network to outside the network. Similarly, there is no network device that can analyse the data leaving the network to monitor for policy violations, and make it possible to track down information leeks.
Prior data storage techniques placed files/data in open locations of a disk. The location was not dependent on the time of the storage request. The location could be dependent on the relative importance (important files and/or files likely to be retrieved from the disk frequently are assigned to inner-areas of the disk) and/or what space is open. FIG. 2 illustrates an exemplary prior art disk storing three files (A, B, and C) with each file occupying three blocks of space. These files were stored in the order of A, then B, and finally C. Each of these files contains files A and B contain the same text (“example—1”) and file C contains text different than A and B (“example—2”). File A is stored in an inner-area. Files B and C are image files that are not used frequently. File C is stored in an intermediate location of the disk that was open. As illustrated, File B is stored in area farther out than A or B and is not stored in contiguous blocks. If these files were stored based on time, then A would be an innermost-area, followed by B, and then C.
When searching for a particular file or files that were stored in the prior art storage technique the entire disk and/or file system (such as a file allocation table or FAT) was searched to find the desired file or files. FIG. 3 illustrates an exemplary prior art search using lists. As shown, each block (or each line of the file system) is search serially until the desired information is located. When the information is found it is added to a list of positive matches.
If the search was to determine what files have the text “example—1” and “example—2” two different lists (list A and list B) would be created after each serial search is performed. After the two lists are created, the cross product (A×B) is performed and the results are evaluated. This means that the number of evaluations that have to be performed is the number of matches of in A multiplied by the number of matches in B. In other words, when looking for more than one piece of data, the search becomes an order n2 operation.